Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,778
Maven
5,000+
npm
3,542
NuGet
619
pip
3,127
Pub
10
RubyGems
838
Rust
791
Swift
34
Unreviewed advisories
All unreviewed
5,000+

127 advisories

Loading
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service High
CVE-2015-7521 was published for org.apache.hive:hive (Maven) Nov 21, 2018
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password Critical
CVE-2016-0733 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Improper Authentication in Keycloak High
CVE-2018-14637 was published for org.keycloak:keycloak-core (Maven) Dec 21, 2018
Improper Authentication in Apache Karaf High
CVE-2018-11787 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
Improper Authentication in org.keycloak:keycloak-core High
CVE-2016-8609 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service High
CVE-2015-1772 was published for org.apache.hive:hive (Maven) Mar 14, 2019
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass Critical
CVE-2021-41303 was published for org.apache.shiro:shiro-core (Maven) Sep 20, 2021
ECP SAML binding bypasses authentication flows High
CVE-2021-3827 was published for org.keycloak:keycloak-saml-core (Maven) Apr 27, 2022
Improper Authentication in Mortbay Jetty High
CVE-2007-5614 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Improper Authentication in Apache Kafka Moderate
CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) May 13, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Authentication in Spring Security High
CVE-2014-0097 was published for org.springframework.security:spring-security-core (Maven) May 13, 2022
Limited Authentication Bypass for Media Files Moderate
CVE-2022-29237 was published for org.opencastproject:opencast-ingest-service-impl (Maven) May 25, 2022
lkiesow
Improper Authentication in Apache Hadoop Moderate
CVE-2014-0229 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Improper Authentication in OpenSAML Moderate
CVE-2011-1411 was published for org.opensaml:opensaml (Maven) May 17, 2022
Improper Authentication in Apache Qpid Moderate
CVE-2012-4446 was published for org.apache.qpid:qpid-client (Maven) May 17, 2022
Improper Authentication in Apache Axis2 Moderate
CVE-2012-5351 was published for org.apache.axis2:axis2 (Maven) May 13, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2012-5887 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Authentication in Jenkins Moderate
CVE-2017-2604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Authentication in Apache Hadoop Low
CVE-2013-2192 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action High
CVE-2022-36092 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard High
CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification Moderate
CVE-2015-5298 was published for org.jenkins-ci.plugins:google-login (Maven) Jul 8, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
ProTip! Advisories are also available from the GraphQL API